eliaskohout/ax
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add agent user nodes with access token authentication
Build and Publish Arch Package / build-arch (amd64, x86_64) (push) Successful in 1m50s
Details
Build and Publish Arch Package / build-arch (arm64, aarch64) (push) Successful in 51s
Details
Build and Publish Docker Image / build-apk (amd64, x86_64) (push) Successful in 53s
Details
Build and Publish Docker Image / build-apk (arm64, aarch64) (push) Successful in 48s
Details
Build and Publish Docker Image / build-and-push-docker (push) Successful in 12m50s
Details

Browse Source
This commit is contained in:
Elias Kohout
2026-06-12 01:54:08 +02:00
parent 6421c28191
commit 83f015cb95
8 changed files with 143 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/serve/oidc.go
+5 -1
View File
@@ -13,7 +13,8 @@ const userContextKey contextKey = "ax_user"
// withSessionAuth wraps a handler with ax session token authentication.
// Auth endpoints (/auth/*) are passed through without a token check.
// All other requests must supply Authorization: Bearer <server_token>.
func withSessionAuth(ah *authHandler, next http.Handler) http.Handler {
// If the token is not a valid OIDC session, agentLookup is tried as a fallback.
func withSessionAuth(ah *authHandler, agentLookup func(string) string, next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if strings.HasPrefix(r.URL.Path, "/auth/") {
next.ServeHTTP(w, r)
@@ -26,6 +27,9 @@ func withSessionAuth(ah *authHandler, next http.Handler) http.Handler {
}
token := strings.TrimPrefix(auth, "Bearer ")
username := ah.lookupSession(token)
if username == "" && agentLookup != nil {
username = agentLookup(token)
}
if username == "" {
writeError(w, http.StatusUnauthorized, "invalid or expired session; run 'ax login'")
return